Comment by hobofan

6 hours ago

I'm not intimately familiar with Wireguard, but there are some things that are almost universally applicable:

- It should run on a maintained OS (which should run on available hardware), so whatever changes are necessary to keep pace with that

- It may want to add optimizations regarding newer CPU architectures

- It uses a compiler, so whatever changes are necessary to stay on a maintained version of the compiler

- It uses cryptography, so whatever changes are necessary to stay up to date with the latest cryptographic research to provide a secure solution, as well as updating cryptographic libraries to not be exposed to CVEs found in them. It also exists in the context of one/multiple jurisdictions, so possibly also changes to comply with interference in sound cryptography (let's hope not).

And all of those are just part of the things to keep up with the world around you evolving. Of course there may also be bugs to fix in the code itself, and/or new ones created by doing any of the changes above.

Even their definition of "complete"[0] includes "active maintenance" and "still much to do".

[0]: https://www.wireguard.com/repositories/

It uses Curve25519 for key exchange and ChaCha20-Poly1305 for symmetric encryption. There aren't many hardware primitives that would speed it up, although AVX2 and similar would help process ChaCha20.

  • > It uses Curve25519 for key exchange and ChaCha20-Poly1305 for symmetric encryption.

    For now.

    > There aren't many hardware primitives that would speed it up,

    For now.

    > although AVX2 and similar would help process ChaCha20.

    So, there's at least a bullet point for experimental branching.

    Also, the WireGuard Tunnel Manager on macOS is far from done.